24 February 2014

I'm presently in France for two weeks, and was interested in using a local pre-paid SIM. I settled on Lebara, which is a global virtual mobile operator. While Lebara operates in Australia, it bears little relationship with other Lebara operators, so I dealt with Lebara France directly.

I registered for a new SIM on http://lebara.fr before I left Australia, and within a few days Lebara had air mailed me a SIM and details of the phone number. I activated it on the web site, and that was that until I arrived in France.

Just before I left Australia I changed my voicemail on my Optus account to ask people to email me or SMS me. I then diverted all inbound calls to voicemail.

On arrival in France I inserted the Lebara SIM into my Nexus 5, and went to their website and added EUR20 credit. This was supposed to give me EUR20 credit and 3 GB of data. As it turned out, despite quite clearly clicking on "3GB" bonus data topup, I still only received 1 GB of data. Black mark for false advertising and an incorrect web site. Still, at this stage I had credit and 1 GB of data for two weeks, which is likely to be plenty.

I also put my Australian SIM into a spare old phone with good battery life, and data roaming disabled. The only point of this phone is to receive SMS sent to my Australian Optus phone number.

Another useful part of their plan is that there seems to be some level of free Lebara to Lebara calling, which is useful if you're travelling with others. I got two SIMs for this.

Lebara's web site is wrong

Lebara.fr must hate its customers. After adding credit you are directed to a web page which allegedly shows you how to add their APN into your phone so that 3G data works. Unfortunately it's absolutely wrong. In short:

- the APN name is fr.lebara.mobi

- the username is Web (Lebara tells you it's wap)

- the password is Web (Lebara tells you it's blank)

After finding the above setting on Tripadvisor I was able to get 3G working, and away I went. If you have a problem with Lebara and 3G data, this is your answer.

Rates

Their rates are very good for an Australian traveller. Calls to Australian landlines are 15 cents flag-fall, and 1 cent per minute! Calls within France are more expensive, but still cheap. I really only wanted data, the occasional phone call in France to book restaurants, and to call home (although I also have Skype credit to call landlines and mobile numbers).

Conclusion

I doubt that Lebara.fr would be a great choice for someone who can't solve technical issues or might need to call the support line (business hours Mon-Fri). If you're a bit more determined, it's a great solution. Just watch out for the false advertising on the amount of pre-paid data.

The Sydney Morning Herald reported on 14 February 2014 that the Federal government was once again considering requiring ISPs to block websites that allow users to infringe the copyright of others, and provide a “graduated response” against the ISP account holder. Blacklists can be a problem, as we’ve seen in the past - the existing blacklist of really unpleasant sites even gets it wrong occasionally. The other worrying part of this announcement is that while it is completely wrong for people to steal digital content, punishing the internet account holder by cutting off access when the infringer may be a family member or housemate is wrong-headed.

This announcement is made more interesting in the light of a January 2014 paper (http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2380522) about the French HADOPI three strikes piracy law introduced in 2009. This law also provided a “graduated response” and a government agency was created to administer it. In its original form the agency could issue several notices to an alleged infringer, and ultimately require an ISP to suspend internet access for up to a year. The authors (Arnold et al, from USA and French universities) analysed “the impact of this law on individual behaviour” in the light of their theoretical model. Their results indicated that “the law has no substantial deterrent effect.” They also found that determined and knowledgeable infringers will find ways to steal content with a greatly reduced likelihood of detection - they won’t use the well-known channels such as bittorrent. The authors found that there was a reduction in theft, but it was insignificant.

If laws such as HADOPI do not affect the behaviour of infringers in a material way, it makes sense to find other methods. Like many crimes, there are the suppliers (such as the old Pirate Bay) and there is the demand side. Pursuing individuals on the demand side is resource-intensive, and requires justice to be administered on a case-by-case basis for it to be fair. Pursuing the suppliers seems to be the obvious route, just as it is with illegal drugs. Of course, another way to prevent theft of physical objects is to lock them up, which is where the digital content industry started - Digital Rights Management. DRM eventually became such a headache for all involved that it has largely been abandoned in the consumer space, except for some book suppliers such as Amazon’s Audible. Blocking piracy is a difficult problem, but we should be aware of proposals to cut off household (or business) internet access when there might be only one infringing person.

Burned

You have no doubt read stories about children making in-app purchases on Apple or Android devices, sometimes spending thousands of dollars feeding virtual unicorns or building farms. In-app purchases are becoming a preferred monetisation model over up-front purchases of the application. After playing a game for some days or weeks, the player runs into a ‘wall’ preventing meaningful progress unless they purchase credits ranging from $5 to $100 or more. The USA Federal Trade Commission filed a complaint against Apple Inc, who in January agreed to pay at least USD$32.5M to settle the claim. Apple must also change its processes to avoid unplanned purchases. Apple had tried to limit the problem by only allowing a 15 minute window for purchases after the password had been entered (by the parent, one presumes). However, the parent may have thought they were only authorising one purchase. The Android store has an even longer window. The ACCC has released consumer advice on the problem which notes that getting a refund can be time consuming and difficult. Unfortunately, Australian consumers can’t access the USA settlement.

Most consumers think that their electronic bits sent across the internet are just that - bits of information that are simply routed to their intended destination. However, telecommunication companies have a different view - many treat or want to treat the data differently depending on what’s inside those packets. ISPs and operators of the infrastructure often want to discriminate against certain types of traffic, such as VoIP, Skype or BitTorrent. This form of discrimination might be the bandwidth available to the type of traffic, or the location or user, and there are other types of net discrimination. This is a battle that has gone on for years, and it’s called “net neutrality.” Some time ago the USA Federal Communications Commission issued a ruling that telecommunication companies must treat all types of traffic equally. However, after a challenge by Verizon the US Court of Appeals DC Circuit held on 14 January 2014 that the FCC does not have the power to make such an order.

Why would a telecom company want to discriminate? If your ISP is also a phone provider, it might not want to offer great service for cheap VoIP or Skype calls. ISPs with poor infrastructure that can only handle web browsing and email might want to throttle file downloads over FTP or BitTorrent. An ISP who also sells cable TV may want to offer a lousy YouTube or other IP video experience. These reasons are often clouded in arguments that the throttled services are damaging quality of service to other customers or are somehow unfair, but it usually comes down to protecting business opportunities.

In the world of free markets an ISP who applies net discrimination would only survive if it either offered other great services, or it was a monopoly or duopoly. You can see where this argument is going in relation to Australia, because in many Australian towns even a duopoly would be an improvement. Despite this, we have been fortunate to date.

Why is net neutrality important? It is mostly because it lets the consumer decide what is important. An immobile person might find it fantastic to have the array of YouTube videos on offer, whereas I rarely watch it. On the other hand, I often download gigabytes of software from my Microsoft TechNet subscription at 20 Mb/sec that dwarfs any YouTube watching. Teenagers will play online for hours and only use 50 MB/hour. An immigrant in a low paying job will want to call home frequently, and can do it cheaply with VoIP. Whose use is “better” or more deserving?

NBN Co

Net discrimination has been lurking in the wings in Australia for a while, but it hasn’t drawn too many complaints. We’ve always had access to the maximum speed possible for our location, but what about the NBN? Does it discriminate by user? Under Labor and Coalition governments it has never treated consumers equally on price. Many/most consumers think they are going to get a 100 Mb connection - but they’re not unless they pay for it. The NBN is intentionally speed throttled depending on how much you pay, which is very different to consumer experience to date. Apart from some cable users, until the NBN, ISPs have offered the same speed to all customers on a plan, and the only difference was the amount downloadable during the month. With the NBN both speed and downloads are in play; the entry speed is 12 Mb/s on Tier 1 (as opposed to, say, my Optus cable of 20 Mb/s), and the widely advertised 100 Mb is only available on Tier 5. By way of example, as I write, Optus is offering an NBN bundle of unlimited calls and 200 GB of download, but it’s only on Tier 1. I’m currently on Optus cable at nearly twice the speed, more than double the download, unlimited calls, and I pay $15/month more...

If you work for a large firm or enterprise you may well have experience in using Citrix technologies to access the corporate IT systems. This allows you to use applications on any computer (Mac or PC) in a way that either makes the remote corporate desktop take over the local computer, or you can just use the remote applications in a way that it seems like they’re running locally. On a fast connection with good IT systems it can be just as good as being in the office. The big advantage of this is that all your data is safe on the corporate system, and you can reconnect anytime and carry on working. There are even Citrix clients for iOS and Android that work fairly well despite the small screen size. This, combined with diverting your desk phone to your mobile means that unless you need a paper file, you become “location independent.”

Amazon has now entered this field and is trialling “remote desktop computers.” The idea is that your local computer (Mac, PC, Linux, iOS, Android) does nothing at all except run the Amazon software that connects to the remote PC, and that PC lives in their data centre. Every time you connect you log into your “own” PC, which will be in the state in which you left it. So let’s say you’re a small firm. You don’t want to be too involved with technology but you’ve got a new employee or a temporary contractor. You buy for your employee a basic PC or Mac that only has the operating system installed (around $400). You then log into a web page at Amazon and click a few buttons, and some minutes later a new remote computer has been provisioned with the software you requested (eg Microsoft Office). The new user receives his login details and is up and running. Since Amazon is already offering servers in this virtual environment you can share documents with each other, and the computer and documents are all backed up. The user can log off at work and log in at home or at a client - the same computer desktop is available. You pay for the remote PC by the month, USD$35-75 depending on configuration. If you downsize your firm then you delete the PC and stop paying for it. Amazon is not alone in offering this type of service, but this seems to be the first relatively accessible offering to a wider market. You still might need some technical advice in how to configure email and file sharing services, but it certainly is an interesting model for a firm who doesn’t want a huge capital outlay or wants to outsource its IT management and backup.

Quick notes

In the late 90’s I was on a Law Society sub-committee on technology. One of the things we discussed was how many NSW solicitors had email addresses, and at that time it was well under 50%. I recently read a report (http://goo.gl/9lq3Tl) that a retired South Carolina attorney was disciplined for failing to have an active email address. We’ve come a long way.

Online dating profiles can be used in ways you don’t expect. The accused in a recent USA shooting has had his Match.com and AdultFriendFinder.com profiles and comments tendered in court.

My organisation has recently issued me with a Windows Phone 8, which I've been keen to try. I'm a very happy Android Nexus 4 user and ex-iPhone user, but Windows Phone 8 has been a bit of a challenge. Despite that, the Nokia Lumia 820 has great battery life and free downloadable GPS maps.

Having just finished International Business Transactions in my LLM course I’ve been looking at the practical methods of transacting overseas compared with the theory. Paying for goods and supplying goods using documentary letters of credit seems a pretty sensible, if cumbersome way of doing business with someone who you don’t yet trust. Once you do have a clearly good business relationship then you can dispense with all that and just use email and direct bank transfers. Or can you?

In Factory Direct Fencing Pty Ltd v Kong AH International Company Limited [2013] QDC 239 (27 September 2013) the Supreme Court of Queensland considered this very problem. Fencing had been purchasing fencing supplies from Kong for a time, and all was going well. Orders and invoices were exchanged by email, and payments were made by SWIFT transfer to the supplier’s bank in Hong Kong. Kong’s employee’s email address was junfumetal@yahoo.cn, but later emails arrived from junfu.metal@yahoo.cn. Fencing used the address glenn@fdfefencing.com.au, but after a time emails came from glenn.fdfencing@ymail.com. In each case the latter address turned out to be a fraudster impersonating both parties.

The fraudster emailed Fencing from the fraudulent address, giving him a bull story about why the banking details needed to be changed. The address was such that it wasn’t obvious it was a different address, and the tone of the email (despite having some clear warning signs) was more or less in keeping with previous correspondence. Any reply from Fencing went to the fraudulent address, and the fraudster was able to provide assurances as necessary. It seems that the fraudster had had access to Kong’s email account, as he clearly had knowledge of the transactions and was able to use similar language to that used in previous correspondence, strengthening the impersonation.

Emails sent by either party were effectively intercepted and modified before being on-sent with details to effect the fraud. This man-in-the-middle scam requires some skill and luck, but can only occur if at least one of the parties’ email accounts is compromised so that the requisite knowledge can be gained. Perhaps unsurprisingly, the forensic expert found that the IP addresses shown were allocated to Nigerian entities, although the court noted that these can be spoofed as well, so the emails could have originated in China.

Kong shipped the goods and Fencing paid into the fraudulent bank account, but when Kong didn’t receive payment it refused to authorise the release of the goods to Fencing, and the fraud came to light. The purchaser had paid on fraudulent invoices into the fraudster’s account. The court held that the vendor was not liable to the purchaser.

There are lessons to be learned here. Don’t use a public email domain like Gmail or Yahoo. It’s neither hard nor expensive to get your own domain. Remember that Gmail differs from Yahoo in that bill.bloggs is the same as billbloggs with Gmail, whereas at Yahoo they are different addresses. Yahoo also now recycles abandoned email addresses, which makes impersonation much more likely. You might consider not including your name in the “from” address - only the actual email address is transmitted and a change will be obvious. Confirm critical changes by two methods. Ask for confirmation via fax or over the phone. Each of those could be fraudulent as well, but getting it “right” twice is less likely than getting it right once. Don’t “reply” to an email if you’re not positive about the sender. Create a new email from your own address book (but watch out for systems that auto-add addresses as soon as you receive an email).
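
The look-alike addresses in this case, and the Gmail/Yahoo dot behaviour noted above, can be checked mechanically against an address book before anyone acts on a change of banking details. The Python below is an added example, not part of the original column or the judgment; the function names, the 0.85 similarity threshold and the bill.bloggs addresses are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}  # Gmail ignores dots in the local part
THRESHOLD = 0.85  # assumed similarity cut-off; tune it against your own mail

def split(addr):
    local, _, domain = addr.strip().lower().rpartition("@")
    return local, domain

def canonical(addr):
    """The mailbox an address delivers to (dots are only insignificant at Gmail)."""
    local, domain = split(addr)
    if domain in GMAIL_DOMAINS:
        local = local.replace(".", "")
    return local, domain

def squash(text):
    """Drop dots, dashes and other separators so look-alikes collapse together."""
    return re.sub(r"[^a-z0-9]", "", text)

def fingerprints(addr):
    """Strings an impersonator tends to imitate: the name, and name + organisation."""
    local, domain = split(addr)
    return {squash(local), squash(local + domain.split(".")[0])}

def classify(sender, address_book):
    """Return ('known' | 'lookalike' | 'unknown', closest contact or None)."""
    for contact in address_book:
        if canonical(sender) == canonical(contact):
            return "known", contact
    probe, best = squash(split(sender)[0]), (0.0, False, None)
    for contact in address_book:
        same_domain = split(contact)[1] == split(sender)[1]
        for fp in fingerprints(contact):
            score = SequenceMatcher(None, probe, fp).ratio()
            if (score, same_domain) > best[:2]:  # prefer a match on the same domain
                best = (score, same_domain, contact)
    return ("lookalike", best[2]) if best[0] >= THRESHOLD else ("unknown", None)

# The two genuine addresses quoted from the case, plus constructed examples.
ADDRESS_BOOK = [
    "junfumetal@yahoo.cn",
    "glenn@fdfefencing.com.au",
    "bill.bloggs@gmail.com",   # constructed
    "bill.bloggs@yahoo.com",   # constructed
]

if __name__ == "__main__":
    for sender in ["junfu.metal@yahoo.cn", "glenn.fdfencing@ymail.com",
                   "billbloggs@gmail.com", "billbloggs@yahoo.com",
                   "accounts@example.org"]:   # last three are constructed
        print(sender, "->", classify(sender, ADDRESS_BOOK))
```

A "lookalike" result is the cue to confirm by a second channel before replying or paying; an "unknown" sender is simply new, not necessarily hostile.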

About Me

Well known for my column Cyberspace in the Journal of the Law Society of New South Wales, I'm in private practice in a specialist technology & commercial law firm - Pym's Technology Lawyers. I've been in-house legal counsel at major enterprises:

Ash Street Partners

Pym's Technology Lawyers

Sydney Water Corporation (Australia's largest water utility), and

Technology & Commercial law team at the Australian Broadcasting Corporation (Australia's pre-eminent media organisation),